Total: 21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38608 | 1 Apple | 1 Macos | 2023-08-02 | N/A | 5.5 MEDIUM |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.5. An app may be able to access user-sensitive data. | |||||
| CVE-2023-38496 | 1 Lfprojects | 1 Apptainer | 2023-08-02 | N/A | 3.3 LOW |
| Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup; therefore subsequent functions are called with root privileges. The attack surface is rather limited for users, but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1. | |||||
| CVE-2023-32231 | 1 Vasion | 1 Printerlogic Client | 2023-08-02 | N/A | 9.9 CRITICAL |
| An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries get executed out of a subfolder in C:\Windows\Temp. A standard user can create the folder and path file ahead of time and obtain elevated code execution. | |||||
| CVE-2023-32232 | 1 Vasion | 1 Printerlogic Client | 2023-08-02 | N/A | 9.9 CRITICAL |
| An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges). | |||||
| CVE-2023-38499 | 1 Typo3 | 1 Typo3 | 2023-08-02 | N/A | 5.3 MEDIUM |
| TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem. | |||||
| CVE-2023-21405 | 1 Axis | 11 A1001, A1001 Firmware, A1210 (-b) and 8 more | 2023-08-02 | N/A | 6.5 MEDIUM |
| Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions. | |||||
| CVE-2023-3782 | 1 Squareup | 1 Okhttp-brotli | 2023-08-02 | N/A | 5.9 MEDIUM |
| DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response | |||||
| CVE-2023-28261 | 1 Microsoft | 1 Edge Chromium | 2023-08-02 | N/A | 5.7 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2021-34475 | 1 Microsoft | 1 Edge Chromium | 2023-08-02 | N/A | 5.4 MEDIUM |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-23269 | 1 Microsoft | 1 Dynamics Gp | 2023-08-02 | 4.3 MEDIUM | 5.4 MEDIUM |
| Microsoft Dynamics GP Spoofing Vulnerability | |||||
| CVE-2023-29344 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2023-08-02 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2023-28288 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-08-02 | N/A | 8.1 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2023-33140 | 1 Microsoft | 1 Onenote | 2023-08-02 | N/A | 6.5 MEDIUM |
| Microsoft OneNote Spoofing Vulnerability | |||||
| CVE-2022-23258 | 2 Google, Microsoft | 2 Android, Edge | 2023-08-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge for Android Spoofing Vulnerability | |||||
| CVE-2023-23540 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-08-02 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-0384 | 1 Imdpen | 1 Video Conferencing With Zoom | 2023-08-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated user, such as a subscriber, to download the list of email addresses registered on the blog. | |||||
| CVE-2023-0767 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-08-02 | N/A | 8.8 HIGH |
| An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | |||||
| CVE-2023-32059 | 1 Vyperlang | 1 Vyper | 2023-08-02 | N/A | 7.5 HIGH |
| Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8. | |||||
| CVE-2023-20873 | 1 Vmware | 1 Spring Boot | 2023-08-02 | N/A | 9.8 CRITICAL |
| In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. | |||||
| CVE-2023-33298 | 1 Perimeter81 | 1 Xpc Helpertool | 2023-08-02 | N/A | 7.8 HIGH |
| com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. | |||||
| CVE-2023-36862 | 1 Apple | 1 Macos | 2023-08-02 | N/A | 5.5 MEDIUM |
| A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. | |||||
| CVE-2023-36854 | 1 Apple | 1 Macos | 2023-08-02 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-35983 | 1 Apple | 1 Macos | 2023-08-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system. | |||||
| CVE-2023-32437 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-02 | N/A | 8.6 HIGH |
| The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox. | |||||
| CVE-2021-31211 | 1 Microsoft | 1 Visual Studio Code | 2023-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-31209 | 1 Microsoft | 1 Exchange Server | 2023-08-02 | 5.8 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2021-31200 | 1 Microsoft | 1 Neural Network Intelligence | 2023-08-02 | 6.5 MEDIUM | 7.2 HIGH |
| Common Utilities Remote Code Execution Vulnerability | |||||
| CVE-2021-31205 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-08-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Windows SMB Client Security Feature Bypass Vulnerability | |||||
| CVE-2021-31182 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2023-08-02 | 4.8 MEDIUM | 7.1 HIGH |
| Microsoft Bluetooth Driver Spoofing Vulnerability | |||||
| CVE-2021-31173 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-08-02 | 4.0 MEDIUM | 5.3 MEDIUM |
| Microsoft SharePoint Server Information Disclosure Vulnerability | |||||
| CVE-2021-31186 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-02 | 4.3 MEDIUM | 7.4 HIGH |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | |||||
| CVE-2021-31194 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-02 | 6.5 MEDIUM | 8.8 HIGH |
| OLE Automation Remote Code Execution Vulnerability | |||||
| CVE-2021-31171 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-08-02 | 2.1 LOW | 4.1 MEDIUM |
| Microsoft SharePoint Information Disclosure Vulnerability | |||||
| CVE-2021-28478 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-08-02 | 5.8 MEDIUM | 7.6 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-31193 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| Windows SSDP Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-26421 | 1 Microsoft | 2 Lync Server, Skype For Business Server | 2023-08-02 | 5.8 MEDIUM | 6.5 MEDIUM |
| Skype for Business and Lync Spoofing Vulnerability | |||||
| CVE-2021-31179 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2023-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2021-31936 | 1 Microsoft | 1 Accessibility Insights For Web | 2023-08-02 | 4.3 MEDIUM | 7.4 HIGH |
| Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | |||||
| CVE-2021-31172 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-08-02 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2021-31214 | 1 Microsoft | 1 Visual Studio Code | 2023-08-02 | 9.3 HIGH | 7.8 HIGH |
| Visual Studio Code Remote Code Execution Vulnerability | |||||
| CVE-2021-31185 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-08-02 | 2.1 LOW | 5.5 MEDIUM |
| Windows Desktop Bridge Denial of Service Vulnerability | |||||
| CVE-2021-28476 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2023-08-02 | 6.5 MEDIUM | 9.9 CRITICAL |
| Windows Hyper-V Remote Code Execution Vulnerability | |||||
| CVE-2021-31195 | 1 Microsoft | 1 Exchange Server | 2023-08-02 | 6.8 MEDIUM | 6.5 MEDIUM |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-31192 | 1 Microsoft | 1 Windows 10 | 2023-08-02 | 6.8 MEDIUM | 7.3 HIGH |
| Windows Media Foundation Core Remote Code Execution Vulnerability | |||||
| CVE-2021-31191 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2023-08-02 | 2.1 LOW | 5.5 MEDIUM |
| Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | |||||
| CVE-2021-31190 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2023-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-31184 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-08-02 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | |||||
| CVE-2021-26422 | 1 Microsoft | 2 Lync Server, Skype For Business Server | 2023-08-02 | 6.5 MEDIUM | 7.2 HIGH |
| Skype for Business and Lync Remote Code Execution Vulnerability | |||||
| CVE-2021-28479 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-08-02 | 2.1 LOW | 5.5 MEDIUM |
| Windows CSC Service Information Disclosure Vulnerability | |||||
| CVE-2021-26418 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-08-02 | 5.8 MEDIUM | 4.6 MEDIUM |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
